Thank you for the quick reply Toshi.

If i get it right, you configure a LACP Interface with 2 physical Port´s on the Fortigate for each vDOM ?

or for the root vDOM alone and then use Vlan´s in the other vDOMs and bound it to the LACP Interface on the root

vDOM?

Some configuration example may make it clear for me.

Thank you.

By assuming the other end is terminated at a VLAN capable switch, regardless where/what vdom the physical agg interface is terminated at, we regularly don't assign any IP on it, or don't use non-tagged interface, but use only VLANs for all VDOM uses including root. Where on the other end it's switched with/without tags is up to the switch.

Thank you for the reply Toshi and interest.

Still not 100% clear for me.

Fortigate Interface 1 to  Switch(1) Interface 1 - LACP and 802.1q

Fortigate Interface 2 to  Switch(2) Interface 1 - LACP and 802.1q

Per VDOM : physical interface --> devided into subinterface for each VLAN -----> Fortigate tag the Vlan and send it across the link 

is this correct ?

How to achieve a LACP link with 802.1q trunking ?

thank you 

Yes. Although each vdom doesn't care about physical interfaces.

Below thread includes LACP config in the middle. All about mode, speed and algorithm config. I think it's automatically configured on any agg interface with active/slow/L3. We always use active-active to avoid any incompatibility issues.

https://forum.fortinet.com/tm.aspx?m=174862

Thank you Toshi for the reply and interest.

Iám still a liitle bit confused.

Toplogy: Full mesh High Availability  Virtual Cluster with two FG.

full mesh consist of 4 Switches ( switch pair stacked) and 2 FG with 3 VDOMS. No Inter-VDOM-routing necessary.

                        Server

                            |

              Switch Stack (2 Switches)

                agg. Trunk 802.1q

           FG 1 Primary-Hearbeat- FG 2 Secondary  ( VDOMS same one each FG)

              agg.  Trunk 802.1q

             Switch Stack (2 Switches)

                            |

                         Server

Just to get it right now, each VDOM has normally 2 phy. Ports ingress and egress.

I don´t want to use two dedicated phy. Ports for each VDOM.

Is it instead possible to use a logical Interface in the shape of 802.1q trunk for each VDOM.

So that at the end , i use  two phy. ports on each FG for the upper stacked switches agg. trunk and two phy. ports for the agg. trunk to bottom stacked switches ????

regards

Yes, that's what I've been trying to explain. Each VDOM takes only a VLAN interface (physical interfaces and the agg interfaces need to be in one of them but doesn't matter which one).

In case of "stacked two switches" and one leg goes to the first switch and another goes to the second, it's not generally called as "full-mesh" but practically accomplishes the same so we almost always use that topology for HA.

Isn't this what you want??